Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/RedSiege/EDD
Enumerate Domain Data
https://github.com/RedSiege/EDD
Last synced: 3 months ago
JSON representation
Enumerate Domain Data
- Host: GitHub
- URL: https://github.com/RedSiege/EDD
- Owner: RedSiege
- Created: 2021-03-10T22:55:21.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2023-09-13T22:38:14.000Z (about 1 year ago)
- Last Synced: 2024-05-14T19:05:25.281Z (7 months ago)
- Language: C#
- Size: 6.07 MB
- Stars: 311
- Watchers: 9
- Forks: 58
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - RedSiege/EDD - Enumerate Domain Data (C# #)
README
[![CodeFactor](https://www.codefactor.io/repository/github/whiterabb17/edd/badge/master)](https://www.codefactor.io/repository/github/whiterabb17/edd/overview/master)
# EDD
Enumerate Domain Data is designed to be similar to PowerView but in .NET. PowerView is essentially the ultimate domain enumeration tool, and we wanted a .NET implementation that we worked on ourselves. This tool was largely put together by viewing implementations of different functionality across a wide range of existing projects and combining them into EDD.# WPF Frontend
## Usage
To use EDD, you just need to call the application, provide the function that you want to run (listed below) and provide any optional/required parameters used by the function.
Arguments:
-f, --function=VALUE the function you want to use
-o, --output=VALUE the path to the file to save
-c, --computername=VALUE the computer you are targeting
-n, --canonicalname=VALUE canonical name for domain user
-d, --domainname=VALUE the computer you are targeting
-g, --groupname=VALUE the domain group you are targeting
-p, --processname=VALUE the process you are targeting
-fd, --filedata=PATH the path to a file containing data related to the function you are invoking
-w, --password=VALUE the password to authenticate with or what you are
setting it to
-u, --username=VALUE the domain account you are targeting
-t, --threads=VALUE the number of threads to run (default: 5)
-q, --query=VALUE custom LDAP filter to search
-a, --adright=VALUE Active Directory Rights to return, separated by
commas
-s, --search=VALUE the search term(s) for
FindInterestingDomainShareFile separated by a
comma (,), accepts wildcards
--sharepath=VALUE the specific share to search for interesting files
-i, --info returns information on a specifed function
-l, --listfunction returns all available functions-h, --help show this message and exit
## Functions
The following functions can be used with the -f flag to specify the data you want to enumerate/action you want to take.
### Forest/Domain Information
getdomainsid - Returns the domain sid (by default current domain if no domain is provided)
getforest - returns the name of the current forest
getforestdomains - returns the name of all domains in the current forest
getsiddata - Converts a SID to the corresponding group or domain name (use the -u option for providing the SID value)
getadcsservers - Get a list of servers running AD CS within the current domain### Computer Information
getdomaincomputers - Get a list of all computers in the domain
getdomaincontrollers - Gets a list of all domain controllers
getdomainshares - Get a list of all domain shares
getreadabledomainshares - Get a list of all readable domain shares### User Information
changeaccountpassword - Change the password for a targeted account
customldapquery - Set arbitrary LDAP filter to search for objects
getuserdacl - Returns DACL of a specified domain object
getnetlocalgroupmember - Returns a list of all users in a local group on a remote system
getdomaingroupmember - Returns a list of all users in a domain group
getdomainuser - Retrieves info about specific user (name, description, SID, Domain Groups)
getdomaindescriptions - returns domain objects with non-standard account descriptions
getnetsession - Returns a list of accounts with sessions on the targeted system
getnetloggedon - Returns a list of accounts logged into the targeted system
getuserswithspns - Returns a list of all domain accounts that have a SPN associated with them
getdomaingroupsid - Fetch the SID of a group
getdomainsid - Fetch SID of domain
getsiddata - Return username from SID
joingroupbysid - Join an account to a group via the group's sid
joingroupbyname - Join an account to a group via the group's name### Chained Information
findadminsch - Uses the task scheduler to query for admin rights within a domain
findadminwmi - Uses WMI to search for admin rights within a domain
finddomainprocess - Search for a specific process across all systems in the domain (requires admin access on remote systems)
finddomainuser - Searches the domain environment for a specified user or group and tries to find active sessions (default searches for Domain Admins)
findemptysystem - Searches the domain for systems with no user account logged into it
findinterestingdomainsharefile - Searches the domain environment for all accessible shares. Once found, it parses all filenames for "interesting" strings
findwritableshares - Enumerates all shares in the domain and then checks to see if the current account can create a text file in the root level share, and one level deep.## References
PowerView - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
CSharp-Tools - https://github.com/RcoIl/CSharp-Tools
StackOverflow - Random questions (if this isn't somehow listed as a reference, we know we're forgetting it :))
SharpView - https://github.com/tevora-threat/SharpView